curl / Mailing Lists / curl-library / Single Mail


make "HTTP/0.9" support opt-in ?

From: Daniel Stenberg <>
Date: Mon, 2 Jul 2018 12:50:51 +0200 (CEST)


We have this bug [1] that shows a short "HTTP/0.9" response and how curl just
then ignores the data it receives.

HTTP/0.9 is the popular name for the never truly named HTTP version that
existed before HTTP/1.0 was born. It has no response headers at all but
instead it just sends data and requires a closed connection to signal the end
of the data.

libcurl supports HTTP/0.9 by default, which might come as a surprise to users.
Around 3% of users in the annual survey claim they use HTTP/0.9 with curl.

I would like to stop allowing HTTP/0.9 by default and instead make the support
opt-in and thus more explicit. I fear the implied support could become a
subtle security risk at some point to some, plus not supporting it will create
a better route forward for treating repsonses such as the one in [1] as an
error and not HTTP/0.9 data.

Does anyone has a use case or reasoning why going this way would be a bad

[1] =

Received on 2018-07-02